What exactly do you mean by a signature? And you should specify the exact schemes you want to use. With common terminology a signature uses asymmetric crypto, a MAC symmetric. So you need different kinds of keys for that.
–
CodesInChaos♦Nov 1 '12 at 10:46

2 Answers
2

Bob has a pair of keys, a public and a private one. The public one is known to Alice, too. (And to any possible attackers, too.)

Bob wants to send a message to Alice.

Bob does some operation with the message and his private key (he signs the message), and obtains a signature.

Bob sends message and signature to Alice.

Alice does some operation with message, signature and the public key and can verify these fit together, i.e. that the message really was signed by Bob.

The usual meaning of a MAC (message authentication code) is this:

Bob and Alice have a shared secret key.

Bob wants to send a message to Alice.

Bob does some operation with the message and the secret key, and obtains a MAC.

Bob sends message and MAC to Alice.

Alice does some operation with message, MAC and the secret key and can verify these fit together, i.e. that the message really was sent by Bob. (Actually, as she knows the key, too, she can only verify that "the message was sent by Bob or Alice", and has to know by some other means that this was not her own message.)

How could they use the same key to produce a MAC and a signature? We could use one of the signature keys for the MAC:

If this would be Bob's private key, Alice would need to know it too for verification, and then it wouldn't be private anymore. (And Bob would be able to forge Alice's signatures, too.)

If they used the public key, then anyone knowing it would be able to forge the MAC.

Both are not good ideas, normally.

There might be a way to do something similar, though. For example, if both Alice and Bob have a key pair, they might be able to calculate a shared secret from both (e.g. using the Diffie-Hellman key exchange if these are discrete-log-type key pairs), and use this shared result for a MAC. At the same time, Bob might use his private key to sign the message.

As Paŭlo Ebermann said, digital signatures involve a keypair ( a private key and a public key ), and there's no way to directly use either key for a MAC.
There are several ways to indirectly use public key cryptography to generate something that could be used as a MAC key -- but I don't see any reason to ever do that.

Once you've confirmed that the digital signature attached to a file is valid, you already know that the message is authentic and it came from the person who knows the private key used to create that public key. I don't see any point of also having an additional MAC.